<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div>Hello,<br></div><div><br data-mce-bogus="1"></div><div>I went through the code loading secrets (either private keys or PSKs) using VICI in swanctl and found several places where they were not memwipe.<br data-mce-bogus="1"></div><div>I added necessary calls to memwipe and tested it :<br data-mce-bogus="1"></div><div>----------------------------------------------------------------------------------------------------------------------------<br data-mce-bogus="1"></div><div>diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c<br>index df5b85c64..5ce37c91a 100644<br>--- a/src/libcharon/plugins/vici/vici_message.c<br>+++ b/src/libcharon/plugins/vici/vici_message.c<br>@@ -644,6 +644,17 @@ METHOD(vici_message_t, dump, bool,<br>     return FALSE;<br> }<br> <br>+CALLBACK(clear_strings, void,<br>+    void *ptr)<br>+{<br>+    char *str;<br>+<br>+    str = (char*)ptr;<br>+<br>+    memwipe(str, strlen(str));<br>+    free(str);<br>+}<br>+<br> METHOD(vici_message_t, destroy, void,<br>     private_vici_message_t *this)<br> {<br>@@ -651,7 +662,11 @@ METHOD(vici_message_t, destroy, void,<br>     {<br>         chunk_clear(&this->encoding);<br>     }<br>-    this->strings->destroy_function(this->strings, free);<br>+    else<br>+    {<br>+        memwipe(this->encoding.ptr, this->encoding.len);<br>+    }<br>+    this->strings->destroy_function(this->strings, clear_strings);<br>     free(this);<br> }<br> <br>diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c<br>index 97209953a..039398cd2 100644<br>--- a/src/libstrongswan/credentials/keys/shared_key.c<br>+++ b/src/libstrongswan/credentials/keys/shared_key.c<br>@@ -77,7 +77,7 @@ METHOD(shared_key_t, destroy, void,<br> {<br>     if (ref_put(&this->ref))<br>     {<br>-        free(this->key.ptr);<br>+        
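Review bot: clear_strings() calls strlen() on ptr without a NULL check, whereas the free() it replaces as the list's destroy callback accepts NULL; if the strings list can ever hold a NULL entry, destroy() will now crash instead of silently freeing it. If that cannot happen, a one-line comment saying so would help; otherwise guard the wipe, e.g. `if (ptr) { memwipe(ptr, strlen(ptr)); }` followed by `free(ptr);`. The `str = (char*)ptr;` cast and local are unnecessary in C, since memwipe() and free() both take a void pointer. Wiping up to strlen() leaves anything after the first NUL untouched, which is fine for the NUL-terminated strings this list presumably holds.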
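Review bot: The new else branch wipes this->encoding in exactly the case where destroy() does not free it, which presumably means the buffer is owned by the caller (the condition is on the line before the hunk, outside view). Overwriting memory the message does not own is a contract change: a caller that keeps using its buffer after destroying the message, or that builds two messages from the same data, will now see zeros. Either leave wiping to the owner in that case, or document it on the constructor that takes external data, e.g. `/* data is wiped on destroy() even when not freed by the message */`. The enclosing destroy method starts outside the hunk.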
chunk_clear(&this->key);<br>         free(this);<br>     }<br> }<br>diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c<br>index 3b84eb7ea..9ca96a4d2 100644<br>--- a/src/libstrongswan/plugins/pem/pem_builder.c<br>+++ b/src/libstrongswan/plugins/pem/pem_builder.c<br>@@ -147,7 +147,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,<br>     }<br>     crypter->destroy(crypter);<br>     memcpy(blob->ptr, decrypted.ptr, blob->len);<br>-    chunk_free(&decrypted);<br>+    chunk_clear(&decrypted);<br> <br>     /* determine amount of padding */<br>     last_padding_pos = blob->ptr + blob->len - 1;<br>@@ -354,7 +354,7 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp)<br>             memcpy(blob->ptr, chunk.ptr, chunk.len);<br>             blob->len = chunk.len;<br>         }<br>-        free(chunk.ptr);<br>+        chunk_clear(&chunk);<br>         if (status != INVALID_ARG)<br>         {    /* try again only if passphrase invalid */<br>             break;<br>diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c<br>index ac19fafb4..5ab25ee42 100644<br>--- a/src/libstrongswan/utils/chunk.c<br>+++ b/src/libstrongswan/utils/chunk.c<br>@@ -445,6 +445,20 @@ bool chunk_unmap(chunk_t *public)<br>     return ret;<br> }<br> <br>+/**<br>+ * See header.<br>+ */<br>+bool chunk_unmap_clear(chunk_t *public)<br>+{<br>+    mmaped_chunk_t *chunk;<br>+<br>+    chunk = (mmaped_chunk_t*)public;<br>+    if (!chunk->wr && chunk->map != MAP_FAILED)<br>+        memwipe(chunk->map, chunk->len);<br>+<br>+    return chunk_unmap(public);<br>+}<br>+<br> /** hex conversion digits */<br> static char hexdig_upper[] = "0123456789ABCDEF";<br> static char hexdig_lower[] = "0123456789abcdef";<br>diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h<br>index a5eb5ed3b..94045479c 100644<br>--- a/src/libstrongswan/utils/chunk.h<br>+++ b/src/libstrongswan/utils/chunk.h<br>@@ -139,6 
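Review bot: The wipe in chunk_unmap_clear() sits under an unbraced `if`, while every other conditional in this patch braces its body; write it as `if (!chunk->wr && chunk->map != MAP_FAILED)` `{` `memwipe(chunk->map, chunk->len);` `}`. More importantly, writing into a map opened without wr only works if chunk_map() maps the file with write permission into a private copy; if a read-only file were mapped PROT_READ only, memwipe() would fault, so a comment stating that assumption next to the memwipe() is worth adding. The `map != MAP_FAILED` test also suggests a non-mmap fallback path exists; if that path keeps the file contents in a heap buffer, this function does not wipe that copy and chunk_unmap() would have to.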
+139,18 @@ chunk_t *chunk_map(char *path, bool wr);<br>  */<br> bool chunk_unmap(chunk_t *chunk);<br> <br>+/**<br>+ * munmap() a chunk previously mapped with chunk_map() after clearing it (only<br>+ * if not a writeable map)<br>+ *<br>+ * When unmapping a writeable map, the return value should be checked to<br>+ * ensure changes landed on disk.<br>+ *<br>+ * @param chunk                        pointer returned from chunk_map()<br>+ * @return                             TRUE of changes written back to file<br>+ */<br>+bool chunk_unmap_clear(chunk_t *chunk);<br>+<br> /**<br>  * Convert a chunk of data to hex encoding.<br>  *<br>diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c<br>index 2c1947dd1..c6c24d233 100644<br>--- a/src/swanctl/commands/load_creds.c<br>+++ b/src/swanctl/commands/load_creds.c<br>@@ -445,7 +445,7 @@ static void load_keys(load_ctx_t *ctx, char *type, char *dir)<br>                     {<br>                         load_key(ctx, path, type, *map);<br>                     }<br>-                    chunk_unmap(map);<br>+                    chunk_unmap_clear(map);<br>                 }<br>                 else<br>                 {<br>@@ -552,7 +552,7 @@ static void load_containers(load_ctx_t *ctx, char *type, char *dir)<br>                 if (map)<br>                 {<br>                     load_encrypted_container(ctx, rel, path, type, *map);<br>-                    chunk_unmap(map);<br>+                    chunk_unmap_clear(map);<br>                 }<br>                 else<br>                 {</div><div>----------------------------------------------------------------------------------------------------------------------------</div><div><br data-mce-bogus="1"></div><div data-marker="__SIG_PRE__"><table width="500" border="0"><tbody><tr><td colspan="2" style="color:#404040;font-size:9pt;font-family:'arial' , sans-serif"><b>Jean-François HREN</b></td></tr><tr><td colspan="2" 
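Review bot: The return-value line of the new doc comment reads `TRUE of changes written back to file`; it should be `TRUE if changes written back to file`. The summary should also make explicit that for a non-writeable map only the in-memory copy is cleared and the file itself is untouched, and that for a writeable map nothing is cleared at all, since a caller might otherwise expect the on-disk key material to be wiped.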
style="color:#404040;font-size:9pt;font-family:'arial' , sans-serif">Developper - Network Security R&D</td></tr><tr><td style="border-right:dotted #7f7f7f 1pt" width="160"><a href="http://www.stormshield.eu" target="_blank" rel="nofollow noopener noreferrer"><img src="https://mystormshield.eu/images/mailsignature.png" data-mce-src="https://mystormshield.eu/images/mailsignature.png"></a><br></td><td><table style="height:75px"><tbody><tr style="height:15px"><td style="color:rgb( 64 , 64 , 64 );font-size:9pt;font-family:'arial' , sans-serif;height:15px"><b>STORMSHIELD</b></td></tr><tr style="height:15px"><td style="color:rgb( 64 , 64 , 64 );font-size:9pt;font-family:'arial' , sans-serif;height:15px">2/6 Parc de l'Horizon</td></tr><tr style="height:15px"><td style="color:rgb( 64 , 64 , 64 );font-size:9pt;font-family:'arial' , sans-serif;height:15px">59650 Villeneuve d'Ascq - FRANCE</td></tr><tr style="height:15px"><td style="color:rgb( 64 , 64 , 64 );font-size:9pt;font-family:'arial' , sans-serif;height:15px">Mobile : +33 (0)6 23 08 80 81</td></tr><tr style="height:15px"><td style="color:rgb( 85 , 142 , 213 );font-size:9pt;font-family:'arial' , sans-serif;height:15px"><a href="https://twitter.com/Stormshield" style="text-decoration:none;color:#558ed5" rel="noopener nofollow noopener noreferrer" target="_blank">Twitter</a> . <a href="https://www.linkedin.com/company/22425?trk=cws-btn-overview-0-0" style="text-decoration:none;color:#558ed5" target="_blank" rel="nofollow noopener noreferrer">LinkedIn</a> . 
<a href="http://www.stormshield.eu" style="text-decoration:none;color:#558ed5" target="_blank" rel="nofollow noopener noreferrer">www.stormshield.eu</a><br></td></tr></tbody></table></td></tr></tbody></table><div><br></div><div id="mceResizeHandlen" class="mce-resizehandle" style="margin:0px;padding:0px"></div><div id="mceResizeHandlee" class="mce-resizehandle" style="margin:0px;padding:0px"></div><div id="mceResizeHandles" class="mce-resizehandle" style="margin:0px;padding:0px"></div><div id="mceResizeHandlew" class="mce-resizehandle" style="margin:0px;padding:0px"></div></div></div></body></html>